'Do not call register' for NZ mooted

SMH

GO AWAY: The Law Commission has raised the idea of a register that would prohibit telemarketers making unsolicited sales calls.

Opinion poll

Would you join a 'Do not call' register?

Definitely

Maybe

Never

Vote Result

Relevant offers

Digital living

New Facebook photo viewer mimics Google+ Go digital to get over an ex Popular app's CEO apologises over privacy bungle Managing a massive music library Microsoft acknowledges Xbox Live hijacks People not keen to pay for fast broadband extras Facebook will release more user data Hundreds lose money after trader dies PlayStation Network merged with other services Indonesia tweeters fly in the face of censorship

A "Do not call" register that would prohibit telemarketers making unsolicited sales calls and a law that would oblige government agencies to tell people if their personal information had been lost or stolen are among a raft of ideas to tighten privacy law canvassed by the Law Commission.

In a 500-page report, the commission also floats the possibility of controls on "cloud computing" and questions whether tougher regulations may be required to prevent internet providers snooping on customers' emails and web surfing habits.

Interception provisions in the Crimes Act and Telecommunications Information Privacy Code are designed to stop internet providers from spying on customers, but the commission questions "whether more is needed" given deep packet inspection - a technology that can help internet providers better manage their networks - had the potential to be misused.

The commission has previously maintained that unwanted direct marketing was more of an irritant than an invasion of privacy, but says some see it as an intrusion, or "invasion of spatial privacy".

Direct marketing could also be regarded as a privacy issue if it involved the use of personal details for an unwanted purpose.

The Marketing Association has a code of practice that stipulates members should not make telesales calls to the 44,000 people on a register who have objected, but the Law Commission says a weakness is the code applies only to members of the association and it "lacks enforcement mechanisms".

Other countries, including Australia, Canada and the United States, have legally-binding "do not call registers". The commission said that in its view "an efficient user-friendly remedy for people affected by direct marketing approaches of various kinds" was required.

Keith Norris, public affairs director of the Marketing Association, says it would strongly oppose any moves to increase the legislative pressure on any form of marketing.

"We really don't have a problem in this country. We don't have the kind of wholesale buying and selling of customer information that occurs in the United States and certain parts of Europe. We have a very well-disciplined industry and we have excellent codes of practice."

The commission says there have been serious data breaches in New Zealand, including:

* The Treasury losing a CD in the post that contained the personal and company tax details of numerous individuals.

* 2degrees website making it possible to see the personal details of previous visitors to the site.

* A fault in Massey University's intranet potentially exposing sensitive information about students to anyone who accessed the site.

It was desirable if victims were informed and people might have a "right to know" about such breaches. But the commission says studies in the US suggest legislation requiring disclosure of data breaches had little effect on the incidence of identity fraud.

Most data breaches did not result in problems and there was a risk people might overreact.

The commission has "no firm view" but says some feel that forcing organisations to disclose data breaches might be "out of proportion", except in the most serious cases.

The potential of a raft of technologies from social networking sites to radio-frequency identification chips are "both exciting and worrying", the commission says. It is inviting public comment on its report by April 30.

Private Matters

The Law Commission on RFID technology: There are concerns about its potential to track people by the tagged objects they carry or potentially by means of a chip implanted under the skin. Privacy concerns about RFID also arise from the ability for RFID data to be aggregated with other information so as to create detailed profiles about consumers, and the ability to clone RFID chips.

On biometrics: Privacy concerns about the use of biometrics include that the technology makes it easier to monitor people and link information about them and that biometrics may reveal sensitive information, such as information about a person's health, emotional state or ethnicity. There are also concerns about security and accuracy.

On Web 2.0: Of primary concern is the lack of transparency around the collection, retention and use of personal information.  Also of concern is the reduced ability individuals have to control the use of their personal information once it is available on the internet.

On social networking: Privacy groups have voiced concern that privacy- friendly settings are often not the default settings on social networking sites. This means that an individual must actively set their security settings in a privacy-friendly manner.

On cloud computing: The rapid growth in these services has given rise to some security glitches that have allowed private information to be shared without authority. In some cases, users have found it difficult to regain or erase their data when they wish to terminate their use of one of these services.

- © Fairfax NZ News